提交 82e9b78a 编写于 作者: K Kamil Dudka

nss: fix SSL handshake timeout underflow

上级 07f45946
......@@ -14,6 +14,9 @@ Kamil Dudka (24 Apr 2010)
- Fixed test536 in order to not fail with threaded DNS resolver and tweaked
comments in certain examples using curl_multi_fdset().
- Fixed SSL handshake timeout underflow in libcurl-NSS, which caused test405
to hang on a slow machine.
Daniel Stenberg (21 Apr 2010)
- The -O option caused curl to crash on windows and DOS due to the tool
writing out of boundary memory.
......
......@@ -20,6 +20,7 @@ This release includes the following bugfixes:
o -J/--remote-header-name strips CRLF
o MSVC makefiles now use ws2_32.lib instead of wsock32.lib
o -O crash on windows
o SSL handshake timeout underflow in libcurl-NSS
This release includes the following known bugs:
......
......@@ -1025,6 +1025,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
int curlerr;
const int *cipher_to_enable;
PRSocketOptionData sock_opt;
long time_left;
PRUint32 timeout;
curlerr = CURLE_SSL_CONNECT_ERROR;
......@@ -1302,8 +1303,15 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
SSL_SetURL(connssl->handle, conn->host.name);
/* check timeout situation */
time_left = Curl_timeleft(conn, NULL, TRUE);
if(time_left < 0L) {
failf(data, "timed out before SSL handshake");
goto error;
}
timeout = PR_MillisecondsToInterval((PRUint32) time_left);
/* Force the handshake now */
timeout = PR_MillisecondsToInterval((PRUint32)Curl_timeleft(conn, NULL, TRUE));
if(SSL_ForceHandshakeWithTimeout(connssl->handle, timeout) != SECSuccess) {
if(conn->data->set.ssl.certverifyresult == SSL_ERROR_BAD_CERT_DOMAIN)
curlerr = CURLE_PEER_FAILED_VERIFICATION;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册